Telecommunications network and method for time-based network access

ABSTRACT

The invention relates to a telecommunications network configured for providing access to a plurality of terminals is proposed and a method therefore. Each terminal comprises a unique identifier for accessing the telecommunications network. The telecommunications network comprises a register, an access request receiver and an access module. The register is configured for storing the unique identifier of at least one terminal in combination with at least one grant access time interval, or an equivalent thereof, during which access for the terminal is permitted. The access request receiver is configured for receiving the access request and the unique identifier for accessing the telecommunications network from the terminal. The access module is configured for denying access for the terminal if the access request is received outside the time interval, or the equivalent thereof.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of, and claims priority to,U.S. application Ser. No. 12/919,965, filed on Aug. 27, 2010, which is anational stage entry of, and claims priority to, PCT/EP2009/001214,filed on Feb. 19, 2009, which claims priority to European PatentApplication EP 08003753.4, filed in the European Patent Office on Feb.29, 2008, all three of which are hereby incorporated in their entiretyherein by reference.

FIELD OF THE INVENTION

The invention relates to the field of telecommunications. In particular,the invention relates a telecommunications network and a method ofpermitting access to said telecommunications network.

BACKGROUND OF THE INVENTION

The past decades have seen an ever increasing demand for data capacityof telecommunications network. Telecommunications providers have adaptedtheir networks to provide extended GSM services, like GPRS, and 3Gservices and are continuing to provide further services to meet thedemands of their clients.

Telecommunications providers have made attempts to influence thebehaviour of their clients in order to efficiently use networkresources. As an example, mobile data subscriptions nowadays are usuallyoffered using volume based billing, possibly in combination with avolume cap, thereby forcing clients to consider the amount of data to betransmitted over a network. However, the control of the client behaviourand/or terminal data transmission and, therefore, the use of the networkresources is still limited.

There is a need in the art for an improved telecommunications networkand method for regulating the use of network resources.

SUMMARY OF THE INVENTION

A telecommunications network configured for providing communicationaccess to a plurality of terminals is proposed. Each terminal comprisesa unique identifier for accessing the telecommunications network. Theunique identifier is preferably associated with a subscription of theterminal, e.g. the identifier of a SIM (IMSI) that is available in theterminal. The telecommunications network comprises a register, an accessrequest receiver and an access module. The register is configured forstoring the unique identifier of at least one terminal in combinationwith at least one grant access time interval, or an equivalent thereof,during which access for the terminal is permitted. The access requestreceiver is configured for receiving the access request for accessingthe telecommunications network from the terminal. The access request maycontain the unique identifier or a temporary identifier. The accessmodule is configured for denying access for the terminal if the accessrequest is received outside the access time interval, or the equivalentthereof.

A register and a serving controlling entity for use in such a networkare also proposed.

A computer-implemented method of controlling access to atelecommunications network is also proposed. The telecommunicationsnetwork is configured for allowing access for a plurality of terminals,each terminal comprising a unique identifier for accessing thetelecommunications network. The telecommunications network comprises aregister configured for storing the unique identifier of at least oneterminal in combination with at least one grant access time interval, oran equivalent thereof. An access request is received from the terminalfor access to the telecommunications network. The access request maycontain the unique identifier or a temporary identifier. In a furtherstep, the grant access time interval for the terminal is verified, usingthe unique identifier. Access to the telecommunications network for saidterminal is denied if the access request is received outside the timeinterval.

A computer program and a carrier for such a computer program comprisingprogram code portions configured for executing the method are alsoproposed.

A terminal for use in the system and method is also proposed.

It should be appreciated that an equivalent of the grant access timeinterval includes a deny access time interval identifying a timeinterval during which an access request for access to thetelecommunications network is to be denied.

The access request may be a circuit-switched access request, apacket-switched access request or a combined request.

The steps of accessing a telecommunications network are standardized ine.g. 3 GGP TS 23.060 (Release 7). It should be appreciated that theaccess to the telecommunications network can be denied at various accessphases. The first phase of requesting network access typically involvesa network attach procedure comprising several steps. Preferably, accessto the telecommunications network is denied by denying network attach ofthe terminal. Denying at this phase provides for optimized saving ofresources.

A further network access phase involves the establishment of a PDPcontext. Establishment of the PDP context may be denied. Although thepreceding network attach already involved the use of network resources,prohibiting the establishment of a PDP context prevents effective use ofthe telecommunications network and hence saves resources. It should benoted that operator determined barring (ODS) as such for access to atelecommunications network is already described in 3GGP TS 23.015, V.7.0.0. The barring possibility allows network operators to deny accessto particular destinations for certain subscribers.

By providing the option of specifying one or more time intervals duringwhich access to the telecommunications network is allowed for aparticular terminal or group of terminals, the network operator planningand control of the use of network resources is facilitated. Denying orblocking access during time intervals can prove advantageous in varioussituations. In particular, some machine-to-machine (M2M) applications donot require the transfer of data to be immediate. If these applicationsare prevented from claiming one or more network resources during e.g.peak load hours, network resources can be saved. Such subscriptions maye.g. be offered at a lower subscription rate.

M2M applications typically involve hundreds or thousands of devices thatonly rarely require access to a telecommunications network. An exampleinvolves the electronic reading of e.g. electricity meters at the homesof a large customer base.

The embodiments of claims 2 and 13 provide for a suitable place in thetelecommunications network for making available the combinations ofterminal identifier(s) and associated time interval(s).

The embodiments of claims 3 and 14 provide for a dynamic time interval(and possibly a virtual or implicit time interval) during which accessto the telecommunications network is allowed/prohibited. Theseembodiments contribute to the optimum use of network resources.

The embodiments of claims 4 and 15 provide for an improved use ofnetwork resources.

The embodiments of claims 5 and 16 provide for an improved use ofnetwork resources.

The embodiments of claims 6 and 17 provides the option to inform theterminal of the grant access time interval. Such information should onlybe transmitted to the terminal in question. Moreover, only allowingsingle authentication saves network resources and saves power for theterminals.

The embodiments of claims 7 and 18 ensure that the decisions whether ornot to allow access (either network attach or establishment of the PDPcontext) to the telecommunications network is embedded at a low level ofthe telecommunications network, e.g. at the SGSN, reducing networkresource consumption. Other solutions, such as the implementation ofgrant access time rules in a RADIUS server, would require severalnetwork functions, mobility management and setting up a packet dataprotocol (PDP) context, and, thereby, unnecessarily consume networkresources in case it would be determined that the terminal accessed thetelecommunications network outside the grant access time interval.

The embodiments of claims 8 and 19 allow the transmission of informationto the terminal. Such information may include information concerning theapplicable grant access time interval. Possibly, the information mayinclude control information for controlling terminal operation. Thecontrol information may e.g. control the terminal to log in during atime interval wherein the network load is expected to be low. Anauthentication procedure is preferably performed for this terminal.

The embodiments of claims 9 and 20 provide for higher levelauthentication, e.g. at a GGSN, during the grant access time interval.

Hereinafter, embodiments of the invention will be described in furtherdetail. It should be appreciated, however, that these embodiments maynot be construed as limiting the scope of protection for the presentinvention.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings:

FIG. 1 shows a schematic illustration of a telecommunications networkaccording to an embodiment of the present invention;

FIG. 2 shows a HLR, a SGSN and a GGSN of the telecommunications networkof FIG. 1;

FIGS. 3A-3D show various time diagrams of methods for using thetelecommunications system of FIG. 1; and

FIG. 4 shows a schematic illustration of a terminal for use with thetelecommunications network of FIG. 1.

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a schematic illustration of a packet service vicetelecommunications network 1 in combination with a plurality ofterminals A-D that may access the telecommunications network 1 for datacommunication.

The telecommunications network 1 comprises a radio access network 2containing a base transceiver station 3 and a base station controller 4.The radio access network is connected to a mobile core networkcontaining a serving controller entity 5, a register 6 and a gateway 7providing access to a further network 8.

The serving controller entity 5 may be a serving GPRS support node(SGSN) or another entity. The SGSN 5 controls the connection between thetelecommunications network 1 and the terminals A-D. It should beappreciated that the telecommunications network may contain a pluralityof SGSNs, wherein each of the SGSNs is connected typically to basestation controllers 3 in such a way that they can provide a packetservice for terminals via several base stations 3.

The register 6 may be a home location register (HLR) or another register(such as a home subscriber server for IMS).

The gateway 7 may be a GPRS gateway support node (GGSN) to e.g. theinternet. Other external networks include a corporate network or anothernetwork of the operator. The GGSN 7 is connected to the SGSN 5 via acore network.

Access for the terminals A-D to the telecommunications network 1involves a number of access phases.

The first phase involves the phase during which a terminal A-D performsan attach to the telecommunications network 1. In this phase, variouscommunication steps are performed, including authentication steps, asexemplified in 3GGP TS 23.060 (Release 7). The authentication stepsperform a security function and involve exchange of an authenticationtriplet (for GPRS) or quintet (for UMTS).

In a subsequent phase, a packet data protocol (PDP) context, may beestablished to carry traffic flows over the telecommunications network1. A PDP context typically includes a radio access bearer providedbetween a terminal A and the SGSN 5 and switched packet data channels ortunnels provided between the SGSN 5 and the GGSN 7. A session betweenthe terminal A and another party would then be carried on theestablished PDP context. A PDP context can carry more than one trafficflow, but all traffic flows within one particular PDP context aretreated the same way as regards their transmission across thetelecommunications network 1.

In operation, the terminal A may indicate after the network attachphase, in a message requesting to activate the PDP context in thenetwork, an access point name (APN) for selection of a reference pointto a certain external network 8. The SGSN 5 may send a PDP contextcreation request to the GGSN 7 selected e.g. according to the accesspoint name given by the terminal A or to a default GGSN known by theSGSN 5. Subsequently, the PDP context is activated by allocating a PDPcontext data structure in the SGSN 5 that is used by the terminal A andthe GGSN 7 serving the subscribers access point. The data structurecontains an IP address of the terminal A, the IMSI of the terminal A andtunnel ID's at both the SGSN 5 and the GGSN 7. The tunnel ID is a numberallocated by the GGSN 7 which identifies the data related to aparticular PDP context.

Various features can be controlled by the SGSN 5 during a communicationsession. This control may be based on information associated with thesubscription and stored in the HLR 6. The information may be retrievedfrom the HLR 6 to the SGSN 5 to allow control at the SGSN-level.

In particular, and with reference now to FIG. 2, the HLR 6 contains aunique identifier associated with the subscription for each terminalA-D, e.g. the IMSI stored in the SIM of the terminal A-D. Each terminalA-D has been assigned a time interval during which access to thetelecommunications network 1 will be granted.

In this example, for terminals A and B, access will be granted between0800-1100 pm. For terminal C, access will be granted between 0000-0500am. These time intervals are typically off-peak intervals for most daysof the year. Batches of terminals may be defined and assigned aparticular interval of the off-peak hours. For terminal D, a variabletime interval x-y is scheduled, depending on the network loadexperienced by or expected for the telecommunications network 1. If thenetwork load drops below or is expected to drop below a particularthreshold, access is granted to the terminal D.

Of course, the time intervals may also relate to time slots during whichaccess to the telecommunications network 1 is denied, i.e. access denytime intervals. Multiple time intervals may be assigned to a terminal.

In order to control the use of resources of the telecommunicationsnetwork 1, the SGSN 5 contains several modules for performing theoperations described below in further detail. It should be noted thatone or more of these modules may be implemented as software modulesrunning on a processor (not shown). The SGSN 5 further contains memoryand storage (not shown) for performing these operations in a mannergenerally known to the skilled person.

The SGSN 5 comprises an access request receiver 20 configured forreceiving an access request from the terminals A-D for access to thetelecommunications network 1. The access request of a terminal containsthe IMSI of the SIM available in this terminal.

The SGSN 5 has an access module 21 configured for denying access for aterminal to the telecommunications network 1 if the access request isreceived outside the grant access time interval(s) for that terminal (orwithin the access deny interval). The access denial may relate to thenetwork attach or the establishment of the PDP context.

Moreover, the SGSN 5 comprises a data retrieval module 22. The dataretrieval module 22 is configured for retrieving data from the HLR 6, inparticular the applicable access grant time interval associated with theterminals A-D from which the access request was received. However, itshould be appreciated that the SGSN 5 itself may be pre-configured withrespect to particular terminals and therefore already comprise the grantaccess time interval(s) for these terminals. This may be particularlyadvantageous for stationary terminals.

The SGSN 5 also comprises a PDP context establishing module 23 and anauthenticator 24.

SGSN 5 may also have a network load monitor 25 configured for monitoringthe network load of the telecommunications network 1. Network loadinformation may also be obtained from other sources, e.g. other SGSNs orthe HLR of the telecommunications network 1. Network monitoring may bereal time and/or be based on the expected network load usingmathematical models and history data to obtain an appropriate loadexpectation.

The operation of the telecommunications network 1, and in particular theSGSN 5, will now be described with reference to FIGS. 3A-3D.

In FIG. 3A, the access request receiver 20 of the SGSN 5 receives anattach request from terminal A at 0700 pm in step 30. To be able toprocess this attach request, the SGSN needs the IMSI of the SIMavailable in the terminal. The attach request may contain either thisIMSI or a P-TMSI assigned to terminal A by an SGSN. The P-TMSI is usedto prevent transmission of the IMSI over the radio path as much aspossible for security reasons. If the P-TMSI provided by terminal A isknown in the SGSN, the SGSN is able to derive the IMSI. Alternatively,for a P-TMSI provided by terminal A that is not known by the (new) SGSN,the IMSI is provided either by the old SGSN or the terminal itself onrequest of the new SGSN. The IMSI is used by data retrieval module 22 toretrieve the grant access time interval (0800-1100 pm) from the HLR 6 tothe SGSN 5 in step 31.

The grant access time interval may be communicated from the HLR 6 to theSGSN 5 in a variety of ways.

The attach request 30 is typically followed by an authentication check,step 31. The grant access time interval may be transmitted to the SGSN 5with the authentication triplet or quintet.

The authentication procedure of the network attach phase is typicallyfollowed by a location update procedure. First an update locationrequest 32 is transmitted from the SGSN 5 to the HLR 6. The grant accesstime interval may also be transmitted to the SGSN 5 in a subsequentInsert Subscriber Data message from HLR 6 (step 33). The network attachphase is finalized with an attach accept message to the terminal A (step34).

After finalizing the network attach phase (which may comprise furthersteps than mentioned in the previous paragraphs), a PDP context isestablished. The terminal A requests establishment of the PDP context inan activate PDP context request 35.

Irrespective of the manner of obtaining the grant access time interval,the access module of SGSN 5 determines that the access request wasreceived outside the grant access time interval. Consequently, a PDPcontext is not established (indicated by the cross in step 36). Theterminal A is informed of the denial in step 37.

It is noted that the authenticator 24 of SGSN 5 may or may not haveauthenticated terminal A in the above situation. Authentication isrequired if the grant access time interval is transmitted from the HLR 6to SGSN 5 in response to the update location message 32. However,authentication should not be completed if the grant access time intervalis obtained in SGSN with the authentication triplet/quintet.Authentication is preferred if the denial message 37 to the terminal Acontains information concerning the grant access time interval.

The SGSN 5 comprises or obtains and maintains the data of the failedaccess request. This may e.g. be done by storing the time interval incombination with the IMSI of terminal A or by flagging the terminal Atemporarily in combination with some time indication.

Another access request at a time outside the window 0800-1100 pm (step38), again containing or followed by the IMSI of terminal A, may then bedenied directly (step 39). Authentication will not be performed again.

In FIG. 3B, the network attach of terminal A is received at 0900 pm.Steps 40-45 correspond to steps 30-35. Since the network attach requestis now within the time interval allocated for access for the terminal A,access module 21 controls the PDP context establishing module 23 of theSGSN 5 to establish a PDP context with the terminal A and to establish aPDP tunnel with the GGSN 7. In particular, step 46 involves a Create PDPContext Request and step 47 a Create PDP Context Response in a mannerknown as such. In step 48, the terminal A is informed by a Activate PDPContext Accept message. The terminal A may now follow anotherauthentication procedure (step 49), using e.g. a RADIUS server in thefurther network 8.

The network load monitoring module 25 of SGSN 5 may monitor the networkload of (a part of) the telecommunications network 1 or output anexpected network load. The network load may be compared with a loadthreshold in order to evaluate the existence of a low network loadsituation at a particular time or time interval.

In FIG. 3C, steps 50-53 correspond to steps 30-33 of FIG. 3A.Authentication of terminal D is performed and in step 54, the terminal Dis informed of a time interval x-y during which a low network load isexpected. The information includes control information to controlterminal D such that it accesses the telecommunications network 1 again(step 55) in such a low network load time interval. A PDP context can beset up immediately (steps 56-58) and access to the RADIUS server isallowed.

As mentioned above, the denial of access to the telecommunicationsnetwork 1 is preferably performed during the network attach. FIG. 3Dshows in step 60 a network attach message of terminal A containing anIMSI. Then an authentication procedure is performed (step 61) duringwhich the grant access time interval is received at SGSN 5. The grantaccess time interval and the IMSI is stored at SGSN 5. Alternatively,the grant access time interval is obtained in the location updateprocedure (steps 62 and 63). The network attach is denied in step 64.

As mentioned before, SGSN 5 may itself comprise pre-configuredinformation regarding the grant access time interval for terminal A.Alternatively, the SGSN uses authenticator 24 to authenticate terminal Aand to provide terminal A with information regarding the grant accesstime interval in step 61.

FIG. 4 shows a schematic illustration of terminal A. The terminal Acomprises a transceiver module 70 for communicating with thetelecommunications network 1. The terminal A further has an accessrequest module 71. The access request module is configured for receivinginformation regarding the grant access time interval from thetelecommunications network 1 via the transceiver module 70 and totransmit an access request to the telecommunications network only at atime within the grant access time interval.

It should be noted that the above described telecommunications networkand system are especially suitable for saving resources. There may beother approaches to influence access behaviour of terminals but theseare considered to waste more resources.

As an example, a network provider may allow access to the network at alltimes but charge a (very) high rate for data sent outside the off-peaktime. This provides no incentive for the user to tear down theconnection (i.e. the PDP context) to the network. It only provides anincentive to not send data during the expensive peak hour. However, anactive PDP context still consumes a lot of resources in the mobile radioand core network as well as requiring an IP address. It also requiresthe terminal being attached to the network, meaning all kinds ofmobility management features should be in place. Furthermore, thissolution requires a more complicated billing system that allows charginghigher rates at certain times.

Another example would include blocking access to the terminal duringpeak hours as a rule in a RADIUS server. However, network resourceswould already be consumed before access is blocked by the RADIUS server.The terminal is already allowed to attach to the network, meaning theSGSN would have retrieved information from the HLR, and is performingmobility management functions. Also, the terminal has been allowed toestablish a PDP context. If the RADIUS server would reject the requestfor access to the external data network, the GGSN would not accept thePDP context, and the tunnel would be taken down. Attachment to thenetwork will however continue if no additional measures were taken.

The invention claimed is:
 1. A telecommunications network configured forproviding access to a plurality of terminals, each terminal of theplurality comprising a unique identifier for accessing thetelecommunications network, wherein the telecommunications networkcomprises: a register configured for storing the unique identifier of atleast one terminal in combination with at least one grant access timeinterval, during which access to the telecommunications network for theat least one terminal is permitted; an access request receiverconfigured for receiving an access request and determining the uniqueidentifier for accessing the telecommunications network from the atleast one terminal; one or more processors and memory storing processorinstructions that, when executed by the one or more processors, causethe one or more processors to carry out operations including: an accessoperation for denying network access to the telecommunications networkfor the at least one terminal if the access request is received outsideof the grant access time interval; and a serving controller entityconfigured for transmitting one of access denial information or accessgrant information to the at least one terminal, wherein the at least oneterminal transmits an access request to the telecommunications networkonly within the grant access time interval identified according towhichever one of the access denial information or the access grantinformation is transmitted by the serving controller, wherein a class ofapplications that do not require immediate transfer of data areexecuted, and wherein the grant access time interval for a terminalexecuting the class of applications is a variable time interval x-y thatis scheduled depending on a network load experienced by, or expectedfor, the telecommunications network, wherein access to thetelecommunications network is granted if the network load is below, oris expected to be below, a particular threshold.
 2. Thetelecommunications network of claim 1, wherein the serving controllerentity is configured for transmitting one of access denial or accessgrant information to the at least one terminal in response to the accessoperation denying access to the telecommunications network.
 3. Thetelecommunications network of claim 1, wherein the telecommunicationsnetwork is further configured for obtaining and for monitoring a networkload of the telecommunications network, and for adapting the grantaccess time interval in dependence of the network load.
 4. Thetelecommunication network of claim 1, wherein a network load of thetelecommunications network is monitored by at least one of (i) real-timemonitoring, or (ii) monitoring based on an expected network load andusing mathematical models and history data.
 5. The telecommunicationsnetwork of claim 1, wherein applications that do not require immediatetransfer of data are denied access to the network during peak loadperiods by having grant access time intervals that are outside the peakload periods.
 6. The telecommunications network of claim 1, wherein thegrant access time interval for a terminal executing the class ofapplications corresponds to time slots during which access to thetelecommunications network is denied.
 7. The telecommunications networkof claim 1, wherein the telecommunications network comprises a cellularnetwork, and the register is one of a home location register or a homesubscriber server of the cellular telecommunications network.
 8. Thetelecommunications network of claim 1, further comprising a network loadmonitor configured for monitoring a network load of thetelecommunications network.
 9. The telecommunications network of claim8, wherein the network load monitor obtains network load informationfrom the serving controller entity.
 10. The telecommunications networkof claim 8, wherein the telecommunications network further comprises anSGSN, and wherein the network load monitor obtains network loadinformation from the SGSN.
 11. The telecommunications network of claim1, wherein the access operation is configured for denying a networkattach to the telecommunications network.
 12. The telecommunicationsnetwork of claim 1, wherein the access operation is further configuredfor denying access without authentication of the at least one terminal.13. The telecommunications network of claim 1, wherein the networkfurther comprises a gateway to a further network, the gateway beingconfigured for allowing further authentication of the at least oneterminal.
 14. A register configured for use in a telecommunicationsnetwork, wherein the telecommunications network is configured forproviding access to a plurality of terminals, each terminal of theplurality comprising a unique identifier for accessing thetelecommunications network, and wherein the register is furtherconfigured to store the unique identifier of at least one terminal incombination with at least one grant access time interval, during whichaccess to the telecommunications network for the at least one terminalis permitted, wherein a class of applications that do not requireimmediate transfer of data are executed, and wherein the grant accesstime interval for a terminal executing the class of applications is avariable time interval x-y that is scheduled depending on a network loadexperienced by, or expected for, the telecommunications network, whereinaccess to the telecommunications network is granted if the network loadis below, or is expected to be below, a particular threshold.
 15. Aserving controller entity configured for use in a telecommunicationsnetwork, wherein the telecommunications network is configured forproviding access to a plurality of terminals, each terminal of theplurality comprising a unique identifier for accessing thetelecommunications network, wherein the serving controller entityimplements an access operation, and wherein the access operation of theserving controller entity is configured to transmit one of access denialinformation or access grant information to a terminal, wherein theterminal transmits an access request to the telecommunications networkonly within a grant access time interval identified according towhichever one of the access denial information or the access grantinformation is transmitted by the serving controller, wherein a class ofapplications that do not require immediate transfer of data areexecuted, and wherein the grant access time interval for a terminalexecuting the class of applications is a variable time interval x-y thatis scheduled depending on a network load experienced by, or expectedfor, the telecommunications network, wherein access to thetelecommunications network is granted if the network load is below, oris expected to be below, a particular threshold.
 16. Atelecommunications network configured for providing access to aplurality of terminals, each terminal of the plurality comprising aunique identifier for accessing the telecommunications network, whereinthe telecommunications network comprises: a register configured forstoring the unique identifier of at least one terminal in combinationwith at least one access deny time interval, during which access to thetelecommunications network for the at least one terminal is denied; anaccess request receiver configured for receiving an access request anddetermining the unique identifier for accessing the telecommunicationsnetwork from the at least one terminal; one or more processors andmemory storing processor instructions that, when executed by the one ormore processors, cause the one or more processors to carry outoperations including: an access operation for denying network access forthe at least one terminal if the access request is received within ofthe access deny time interval; and a serving controller entityconfigured for transmitting one of access denial information or accessgrant information to the at least one terminal, wherein the at least oneterminal transmits an access request to the telecommunications networkonly outside the access deny time interval identified according towhichever one of the access denial information or the access grantinformation is transmitted by the serving controller, wherein a class ofapplications that do not require immediate transfer of data areexecuted, and wherein the access deny time interval for each terminal isa variable time interval x-y that is scheduled depending on network loadexperienced by, or expected for, the telecommunications network, accessto the telecommunications network being denied to the each terminal ifthe network load is above, or is expected to be above, a particularthreshold.
 17. The telecommunications network of claim 16, wherein theserving controller entity is configured for transmitting one of accessdenial or access grant information to the at least one terminal inresponse to the access operation denying access to thetelecommunications network.
 18. The telecommunications network of claim16, wherein the telecommunications network is further configured forobtaining and for monitoring a network load of the telecommunicationsnetwork, and for adapting the access deny time interval in dependence ofthe network load.
 19. The telecommunication network of claim 16, whereina network load of the telecommunications network is monitored by atleast one of (i) real-time monitoring, or (ii) monitoring based on anexpected network load and using mathematical models and history data.20. The telecommunications network of claim 16, wherein applicationsthat do not require immediate transfer of data are denied access to thenetwork during peak load periods by having access deny time intervalsthat are within the peak load periods.
 21. The telecommunicationsnetwork of claim 16, wherein the access deny time interval for aterminal executing the class of applications corresponds to time slotsduring which access to the telecommunications network is allowed. 22.The telecommunications network of claim 16, wherein thetelecommunications network comprises a cellular network, and theregister is one of a home location register or a home subscriber serverof the cellular telecommunications network.
 23. The telecommunicationsnetwork of claim 16, further comprising a network load monitorconfigured for monitoring a network load of the telecommunicationsnetwork.
 24. The telecommunications network of claim 23, wherein thenetwork load monitor obtains network load information from the servingcontroller entity.
 25. The telecommunications network of claim 23,wherein the telecommunications network further comprises an SGSN, andwherein the network load monitor obtains network load information fromthe SGSN.
 26. The telecommunications network of claim 16, wherein theaccess operation is configured for denying a network attach to thetelecommunications network.
 27. The telecommunications network of claim16, wherein the access operation is further configured for denyingaccess without authentication of the at least one terminal.
 28. Thetelecommunications network of claim 16, wherein the network furthercomprises a gateway to a further network, the gateway being configuredfor allowing further authentication of the at least one terminal.
 29. Acomputer-implemented method of controlling access to atelecommunications network, the telecommunications network beingconfigured for allowing access for a plurality of terminals, eachterminal of the plurality comprising a unique identifier for accessingthe telecommunications network, the method comprising: receiving anaccess request and the unique identifier from at least one terminal foraccess to said telecommunications network; accessing a grant access timeinterval associated with the at least one terminal from a register ofthe telecommunications network using the received unique identifier,wherein the register is configured for storing the unique identifier ofthe at least one terminal in combination with the grant access timeinterval; and denying access to the telecommunications network for theat least one terminal if the access request is received outside thegrant access time interval; a serving controller transmitting one ofaccess denial information or access grant information to the at leastone terminal; and the at least one terminal transmitting an accessrequest to the telecommunications network only within the grant accesstime interval identified according to whichever one of the access denialinformation or the access grant information is transmitted by theserving controller, wherein a class of applications that do not requireimmediate transfer of data are executed, and wherein the grant accesstime interval for a terminal executing the class of applications is avariable time interval x-y that is scheduled depending on a network loadexperienced by, or expected for, the telecommunications network, whereinaccess to the telecommunications network is granted if the network loadis below, or is expected to be below, a particular threshold.
 30. Themethod of claim 29, wherein transmitting one of access denial or accessgrant information to the at least one terminal comprises transmittingone of the access denial or the access grant information to the at leastone terminal in response to the access module denying access to thetelecommunications network.
 31. The method of claim 29, furthercomprising: monitoring network load of the telecommunications network;and adapting the grant access time interval based at least in part onthe monitored network load.
 32. The method of claim 30, whereinmonitoring network load of the telecommunications network comprises oneof (i) real-time monitoring, or (ii) monitoring based on an expectednetwork load and using mathematical models and history data.
 33. Themethod of claim 29, wherein applications that do not require immediatetransfer of data are denied access to the network during peak loadperiods by having grant access time intervals that are outside the peakload periods.
 34. The method of claim 29, wherein the grant access timeinterval for a terminal executing the class of applications is one ofone or more grant access time intervals assigned to a particularterminal or group of terminals.
 35. The method of claim 29, wherein thetelecommunications network comprises a cellular network, and theregister is one of a home location register or a home subscriber serverof the cellular telecommunications network.
 36. The method of claim 29,wherein the telecommunications network further comprises a network loadmonitor obtaining a network load of the telecommunications network fromone of a home location register (HLR) or the serving controller entity.37. The method claim 29, wherein denying access to thetelecommunications network for the at least one terminal if the accessrequest is received outside the grant access time interval comprisesdenying a network attach to the telecommunications network.
 38. Themethod of claim 29, wherein denying access to the telecommunicationsnetwork for the at least one terminal if the access request is receivedoutside the grant access time interval comprises denying access of theterminal in the telecommunications network without authentication of theterminal.
 39. The method claim 29, further comprising: authenticatingthe at least one terminal in the telecommunications network in responseto receiving the access request; and denying a network attach for the atleast one terminal in response to receiving the access request from theat least one terminal outside the grant access time interval.
 40. Themethod of claim 29, wherein: receiving the access request comprisesreceiving the access request at the serving controller entity; accessinga grant access time interval comprises retrieving the grant access timeinterval from the register to the serving controller entity in responseto receiving the access request; and denying access to thetelecommunications network comprises one of (i) denying a network attachfor the at least one terminal if the access request is received outsidethe retrieved grant access time interval, or (ii) denying establishing apacket data protocol context for the at least one terminal if the accessrequest is received outside the retrieved grant access time interval.41. A computer-implemented method of controlling access to atelecommunications network, the telecommunications network beingconfigured for allowing access for a plurality of terminals, eachterminal of the plurality comprising a unique identifier for accessingthe telecommunications network, the method comprising: receiving anaccess request and the unique identifier from at least one terminal foraccess to said telecommunications network; accessing an access deny timeinterval associated with the at least one terminal from a register ofthe telecommunications network using the received unique identifier,wherein the register is configured for storing the unique identifier ofthe at least one terminal in combination with the access deny timeinterval; and denying access to the telecommunications network for theat least one terminal if the access request is received within theaccess deny time interval; a serving controller transmitting one ofaccess denial information or access grant information to the at leastone terminal; and the at least one terminal transmitting an accessrequest to the telecommunications network only outside of the accessdeny time interval identified according to whichever one of the accessdenial information or the access grant information is transmitted by theserving controller, wherein a class of applications that do not requireimmediate transfer of data are executed, and wherein the access denytime interval for each terminal is a variable time interval x-y that isscheduled depending on network load experienced by, or expected for, thetelecommunications network, access to the telecommunications networkbeing denied to the each terminal if the network load is above, or isexpected to be above, a particular threshold.
 42. The method of claim41, wherein transmitting one of access denial or access grantinformation to the at least one terminal comprises transmitting one ofthe access denial or the access grant information to the at least oneterminal in response to the access module denying access to thetelecommunications network.
 43. The method of claim 42, whereinmonitoring network load of the telecommunications network comprises oneof (i) real-time monitoring, or (ii) monitoring based on an expectednetwork load and using mathematical models and history data.
 44. Themethod of claim 41, further comprising: monitoring network load of thetelecommunications network; and adapting the access deny time intervalbased at least in part on the monitored network load.
 45. The method ofclaim 41, wherein applications that do not require immediate transfer ofdata are denied access to the network during peak load periods by havingaccess deny time intervals that are within the peak load periods. 46.The method of claim 41, wherein the access deny time interval for aterminal executing the class of applications is one of one or moreaccess deny time intervals assigned to a particular terminal or group ofterminals.
 47. The method of claim 41, wherein the telecommunicationsnetwork comprises a cellular network, and the register is one of a homelocation register or a home subscriber server of the cellulartelecommunications network.
 48. The method of claim 41, wherein thetelecommunications network further comprises a network load monitorobtaining a network load of the telecommunications network from one of ahome location register (HLR) or the serving controller entity.
 49. Themethod claim 41, wherein denying access to the telecommunicationsnetwork for the at least one terminal if the access request is receivedwithin the access deny time interval comprises denying a network attachto the telecommunications network.
 50. The method of claim 41, whereindenying access to the telecommunications network for the at least oneterminal if the access request is received within the access deny timeinterval comprises denying access of the terminal in thetelecommunications network without authentication of the terminal. 51.The method claim 41, further comprising: authenticating the at least oneterminal in the telecommunications network in response to receiving theaccess request; and denying a network attach for the at least oneterminal in response to receiving the access request from the at leastone terminal within the access deny time interval.
 52. The method ofclaim 41, wherein: receiving the access request comprises receiving theaccess request at the serving controller entity; accessing an accessdeny time interval comprises retrieving the access deny time intervalfrom the register to the serving controller entity in response toreceiving the access request; and denying access to thetelecommunications network comprises one of (i) denying a network attachfor the at least one terminal if the access request is received withinthe retrieved access deny time interval, or (ii) denying establishing apacket data protocol context for the at least one terminal if the accessrequest is received within the retrieved access deny time interval. 53.A non-transitory computer-readable medium having instructions storedthereon that, when executed by one or more processors of atelecommunications network configured for allowing access for aplurality of terminals that each comprise a unique identifier foraccessing the telecommunications network, cause the telecommunicationsnetwork to carry out functions including: receiving an access requestand the unique identifier from at least one terminal for access to saidtelecommunications network; accessing a grant access time intervalassociated with the at least one terminal from a register of thetelecommunications network using the received unique identifier, whereinthe register is configured for storing the unique identifier of the atleast one terminal in combination with the grant access time interval;and denying access to the telecommunications network for the at leastone terminal if the access request is received outside the grant accesstime interval; a serving controller transmitting one of access denialinformation or access grant information to the at least one terminal;and the at least one terminal transmitting an access request to thetelecommunications network only within the grant access time intervalidentified according to whichever one of the access denial informationor the access grant information is transmitted by the servingcontroller, wherein a class of applications that do not requireimmediate transfer of data are executed, and wherein the grant accesstime interval for a terminal executing the class of applications is avariable time interval x-y that is scheduled depending on a network loadexperienced by, or expected for, the telecommunications network, whereinaccess to the telecommunications network is granted if the network loadis below, or is expected to be below, a particular threshold.
 54. Anon-transitory computer-readable medium having instructions storedthereon that, when executed by one or more processors of atelecommunications network configured for allowing access for aplurality of terminals that each comprise a unique identifier foraccessing the telecommunications network, cause the telecommunicationsnetwork to carry out functions including: receiving an access requestand the unique identifier from at least one terminal for access to saidtelecommunications network; accessing an access deny time intervalassociated with the at least one terminal from a register of thetelecommunications network using the received unique identifier, whereinthe register is configured for storing the unique identifier of the atleast one terminal in combination with the access deny time interval;and denying access to the telecommunications network for the at leastone terminal if the access request is received within the access denytime interval; a serving controller transmitting one of access denialinformation or access grant information to the at least one terminal;and the at least one terminal transmitting an access request to thetelecommunications network only outside of the access deny time intervalidentified according to whichever one of the access denial informationor the access grant information is transmitted by the servingcontroller, wherein a class of applications that do not requireimmediate transfer of data are executed, and wherein the access denytime interval for each terminal is a variable time interval x-y that isscheduled depending on network load experienced by, or expected for, thetelecommunications network, access to the telecommunications networkbeing denied to the each terminal if the network load is above, or isexpected to be above, a particular threshold.
 55. A terminal configuredfor use in a telecommunications network, wherein the telecommunicationsnetwork is configured for providing access to a plurality of terminalsthat each have a unique identifier for accessing the telecommunicationsnetwork, and wherein the terminal comprises: a message receiverconfigured for receiving a message from the telecommunications network,the message including information indicative of a grant access timeinterval for the terminal retrieved from a register of thetelecommunications network based on a unique identifier of the terminal;and one or more processors and memory storing processor instructionsthat, when executed by the one or more processors, cause the one or moreprocessors to carry out operations including: an access requestoperation for transmitting an access request to the telecommunicationsnetwork in accordance with the grant access time interval in themessage, and a class of applications that do not require immediatetransfer of data, wherein the grant access time interval for a terminalexecuting the class of applications is a variable time interval x-y thatis scheduled depending on a network load experienced by, or expectedfor, the telecommunications network, wherein access to thetelecommunications network is granted if the network load is below, oris expected to be below, a particular threshold.
 56. The terminal ofclaim 55, wherein applications that do not require immediate transfer ofdata are denied access to the network during peak load periods by havinggrant access time intervals that are outside the peak load periods. 57.The terminal of claim 55, wherein the grant access time interval for aterminal executing the class of applications corresponds to time slotsduring which access to the telecommunications network is denied.
 58. Aterminal configured for use in a telecommunications network, wherein thetelecommunications network is configured for providing access to aplurality of terminals that each have a unique identifier for accessingthe telecommunications network, and wherein the terminal comprises: amessage receiver configured for receiving a message from thetelecommunications network, the message including information indicativeof an access deny time interval for the terminal retrieved from aregister of the telecommunications network based on a unique identifierof the terminal; and one or more processors and memory storing processorinstructions that, when executed by the one or more processors, causethe one or more processors to carry out operations including: an accessrequest operation for transmitting an access request to thetelecommunications network in accordance with the access deny timeinterval in the message, and a class of applications that do not requireimmediate transfer of data, wherein the access deny time interval foreach terminal is a variable time interval x-y that is scheduleddepending on network load experienced by, or expected for, thetelecommunications network, access to the telecommunications networkbeing denied to the each terminal if the network load is above, or isexpected to be above, a particular threshold.
 59. The terminal of claim58, wherein applications that do not require immediate transfer of dataare denied access to the network during peak load periods by havingaccess deny time intervals that are within the peak load periods. 60.The terminal of claim 58, wherein the access deny time interval for aterminal executing the class of applications corresponds to time slotsduring which access to the telecommunications network is allowed.